Irked by the slow progress made by banks in addressing security concerns around automated teller machines (ATMs), the Reserve Bank of India (RBI) on Thursday set certain compliance timelines. RBI added that any deficiency in timely and effective compliance with the instructions may invite “appropriate supervisory enforcement action”.
“The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI,” the central bank said. It added that the vulnerability arising from the banks’ ATMs operating on unsupported version of operating system and non-implementation of other security measures, could potentially affect the interests of customers adversely.
“In order to address these issues in a time-bound manner, banks and White-Label ATM operators are advised to initiate immediate action in this regard and implement the following control measures as per the prescribed timelines..,” RBI said.
The first set of measures to be completed by August 2018 include, implementing security measures such as Basic Input Output System (BIOS) password, disabling USB ports, disabling auto run facility, applying the latest patches of operating system and other softwares, terminal security solution and time-based admin access.
Meanwhile, lenders need to implement anti-skimming and whitelisting solution by March 2019. The central bank has also asked them to upgrade all the ATMs with supported versions of the operating system. These upgrades, RBI added, should be carried out in a phased manner. Not less than 25% of the ATMs should be upgraded by September 2018; at least 50% should be upgraded by December 2018; at least 75% by March 2019 and the rest by June 2019.